<?
error_reporting(E_ERROR);
if (!class_exists("go_sql")){
include("/var/www/html/new/conf/le.je");
  $le=new go_sql();
  $le->connect(); 
}

$getfilter="'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

foreach($_GET as $key=>$value){ 
	StopAttack($key,$value,$getfilter);
}

function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){  

if(is_array($StrFiltValue))
{
    $StrFiltValue=implode($StrFiltValue);
}  
if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){   
    log_attack($StrFiltKey, $StrFiltValue);
    die("非法操作");
}
}

//攻击日志函数
function  log_attack($StrFiltKey, $StrFiltValue) {
    $filepath="/var/log/attack/attack.log";
	$word="\n\n操作IP: ".$_SERVER["REMOTE_ADDR"]."\n操作时间: ".strftime("%Y-%m-%d %H:%M:%S")."\n操作页面:".$_SERVER["PHP_SELF"]."\n提交方式: ".$_SERVER["REQUEST_METHOD"]."\n提交参数: ".$StrFiltKey."\n提交数据: ".$StrFiltValue;
    $maxsize  = 1024*1024;
    $filesize = filesize($filepath);
    $filename = substr($filepath,0,strpos($filepath,'.'));
    if($filesize>$maxsize)
    {
        rename($filepath, $filename.'_'.date('Ymd'));
        $handler=fopen($filepath,'w');
        flock($handler, LOCK_EX) ;
        fwrite($handler,$word);
        fclose($handler);
    } 
    else 
    {
     $fp = fopen($filepath,"a");
     flock($fp, LOCK_EX) ;
     fwrite($fp,$word);
     flock($fp, LOCK_UN);
     fclose($fp);
    }
  
}


//非法输入检测
function p_match($matchstr){
	$guestexp = 'SELECT|UPDATE|INSERT|DROP|CREATE|DELETE';
	if (preg_match("/^\s*$|^c:\\con\\con$|[\*\"\'\t\<\>\&\\\\\/\\\$]|$guestexp/is", $matchstr)) {
		return true;
	}else{
		return false;
	}
}


//检测整数数字
function c_get($num){
//$num=intval($num);
if (!is_numeric($num) || floor($num)<0 || floor($num)>100000000 || strpos($num,'.') || p_match($num)){
  return true;
}else{
  return false;	
}
}

//url编码转换
function url_encode($tt){
return urlencode(mb_convert_encoding($tt,'gbk','utf-8'));
}

//截取
function mbsubstr($str, $width = 0, $end = '', $x3 = 0) {   
    global $CFG;  
    if ($width <= 0 || $width >= strlen($str)) {   
        return $str;   
    }   
    $arr = str_split($str);   
    $len = count($arr);   
    $w = 0;   
    $width *= 10;   
  
    $x1 = 11;   
    $x2 = 16;   
    $x3 = $x3===0 ? ( $CFG['cf3']  > 0 ? $CFG['cf3']*10 : $x3 = 21 ) : $x3*10;   
    $x4 = $x3;   
  
    for ($i = 0; $i < $len; $i++) {   
        if ($w >= $width) {   
            $e = $end;   
            break;   
        }   
        $c = ord($arr[$i]);   
        if ($c <= 127) {   
            $w += $x1;   
        }   
        elseif ($c >= 192 && $c <= 223) { 
            $w += $x2;   
            $i += 1;   
        }   
        elseif ($c >= 224 && $c <= 239) { 
            $w += $x3;   
            $i += 2;   
        }   
        elseif ($c >= 240 && $c <= 247) {
            $w += $x4;   
            $i += 3;   
        }   
    }   
  
    return implode('', array_slice($arr, 0, $i) ). $e;   
} 

//长度
function str_len($str)
{
    $length = strlen(preg_replace('/[\x00-\x7F]/', '', $str));

    if ($length)
    {
        return strlen($str) - $length + intval($length / 3) * 2;
    }
    else
    {
        return strlen($str);
    }
}


//长度2
function str_len2($str)
{
    $length = strlen(preg_replace('/[\x00-\x7F]/', '', $str));

    if ($length)
    {
        return strlen($str) - $length + intval($length / 3);
    }
    else
    {
        return strlen($str);
    }
}

//过滤
function fliter_words($str){
if (eregi('select|insert|update|delete|union|into|load_file|outfile|script|onmouse|onclick|onkey|submit', $str)){
return true;
}else{
return false;
}
}

//自动编号
function bh_auto($num1,$num2){
$n1=strlen($num1);
$n2=$num2;
if ($n1<$n2){
	$ni=$n2-$n1;
	for($i=0;$i<$ni;$i++){
	$num1="0".$num1;
	}
}
return $num1;
}

//好坏图片
function show_pic($str, $w = 48, $h = 48){
$astr=explode("|",$str);
if ($astr[0]==1){
	$path="/images/good.png";
}elseif($astr[0]==0){
	$path="/images/bad.png";
}
return "<img src='$path' align='absmiddle' width='$w' height='$h' class='imgie6' border='0' /> ".$astr[1];
}

//帮助
function show_help($str){
$c=str_replace("{bb}","&#10;",$str);
$path="/images/q.png";
$img="<img src='$path' align='absmiddle' class='imgie6' bodor='0' alt=\"".$c."\" title=\"".$c."\" />";
echo $img;
}


//生成
function makeContent($mark,$repl,$str){
$m="<!--".$mark."-->";
$str=str_replace($m,$repl,$str);
return $str;
}

//警告框
function alert($s, $url="/"){
	echo "<script>alert('".$s."');window.location.href='".$url."';</script>";
	echo $s;
	exit;	
}

include('/var/www/html/new/conf/config');

function make_sql($a, $num=1){
    $a1=array_keys($a);
    $a2=array_values($a);
    if ($num==1) return implode(',',$a1);
    else return implode(',',$a2);
}

function make_post($id, $vid, $url){
    $post_data = array();
    if (!is_array($id) && !is_array($vid)){
     $post_data[$id] = $vid;
    }else{
        foreach ($id as $kk=>$vv){
            $post_data[$vv]=$vid[$kk];
        }
    }
    $url='http://localhost/new/'.$url;
    $o="";
    foreach ($post_data as $k=>$v){
        $o.= "$k=".urlencode($v)."&";
    }
    $post_data=substr($o,0,-1);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_URL,$url);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    return curl_exec($ch);
}

//加密处理函数
function hashN($n){
	$s="hash";
	switch ($n){
		case '1':
		return $s."32";
		break;
		case '2':
		return $s."36";
		break;
		case '3':
		return $s."64";
		break;
		default:
		return $s."32";
		break;
	}
}

function md_String($n){
    $na=array("S","X","1","Y","F","T","9","K","M","3");
    $n =(string)$n;
    $s="";
    for ($i=0;$i<6;$i++){
        $s.=$na[$n{$i}];
    }
    return $s;
}
?>